CVE-2005-2700
libapache-mod-ssl - acl restriction bypass
EPSS 15.1%
Description
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
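A defender can audit a configuration for the pattern the description names. The following is an added example, not part of the original advisory or of mod_ssl: a Python sketch that flags per-location containers setting "SSLVerifyClient require" inside a scope that sets "SSLVerifyClient optional". The function name, the set of containers treated as per-location, and the sample configuration are assumptions made for illustration.

```python
import re

# Containers treated as "per-location" context (assumption of this sketch).
PER_LOCATION = {"location", "locationmatch", "directory",
                "directorymatch", "files", "filesmatch"}
OPEN = re.compile(r"^<\s*([A-Za-z]+)\s*([^>]*)>$")
CLOSE = re.compile(r"^</\s*([A-Za-z]+)\s*>$")
VERIFY = re.compile(r"^SSLVerifyClient\s+(\S+)", re.IGNORECASE)

# Constructed sample configuration, not taken from any real host.
SAMPLE = """
<VirtualHost *:443>
    SSLVerifyClient optional
    <Location /admin>
        SSLVerifyClient require
        SSLVerifyDepth 1
    </Location>
</VirtualHost>
<VirtualHost *:8443>
    SSLVerifyClient none
    <Location /admin>
        SSLVerifyClient require
    </Location>
</VirtualHost>
"""

def find_affected_pattern(conf_text):
    """Return (scope, location) pairs: scope sets 'optional', location sets 'require'."""
    stack, optional_scopes, require_sites = [], set(), []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
        elif (m := OPEN.match(line)):
            stack.append((m.group(1).lower(), f"{m.group(1)} {m.group(2).strip()}".strip()))
        elif (m := VERIFY.match(line)):
            # Scope is the enclosing VirtualHost, else the main server config.
            scope = next((lbl for kind, lbl in stack if kind == "virtualhost"), "main server")
            locs = [lbl for kind, lbl in stack if kind in PER_LOCATION]
            if m.group(1).lower() == "optional" and not locs:
                optional_scopes.add(scope)
            elif m.group(1).lower() == "require" and locs:
                require_sites.append((scope, locs[-1]))
    # Only same-scope matches are reported; inheritance from the main server is not modelled.
    return [(s, l) for s, l in require_sites if s in optional_scopes]

if __name__ == "__main__":
    print(find_affected_pattern(SAMPLE))
```

A hit matters only on a host still running a version older than the fixed ones listed on this page; on fixed versions the same configuration is enforced as written.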
How to fix CVE-2005-2700
To remediate CVE-2005-2700, upgrade the affected package to one of the fixed versions listed below.
- Debian/apache2—upgrade to 2.0.54-5 or later
- Debian/libapache-mod-ssl—upgrade to 2.8.9-2.5 or later
Is CVE-2005-2700 being exploited?
Moderate — EPSS is 15.1%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/apache2: from 0, < 2.0.54-5
- Debian/libapache-mod-ssl: from 0, < 2.8.9-2.5